The Changing Landscape

The Obsolescence of clock and data, and Wiegand

By Roscoe Coffman

Mar 01, 2018

The security landscape is constantly evolving with new
products and technologies. With the introduction of
these new and improved technologies, it is inevitable
that products which have existed within the industry
for years may no longer be the go-to choice when it
comes to selecting system equipment.

Readers and credentials are a perfect example. Because these pieces
serve as a vital component of any access control solution, it is critical
they offer the most up-to-date technology to achieve maximum
security. The technology behind readers and credentials has changed
dramatically over the years, and end users now have multiple options
to choose from.

The History of Clock and Data,
and Wiegand

In 1969, an engineer with IBM, Forrest Parry, had the idea of attaching
a piece of magnetic tape, similar to that used to record data for
computers, to a card to be used as an identifier. He became frustrated
trying different types of adhesives, all of which deformed the magnetic
tape. Venting his frustration to his wife while she was ironing,
she suggested that he iron it on. It worked, and the American Banking
Association (ABA) format, or Clock and Data, was born.

Next step in the evolution: John R. Wiegand was born in Germany
in 1911 and came to the United States in the 1930s. He was interested
in audio amplifiers and ventured into the world of engineering,
where he eventually discovered and patented the Wiegand effect, a
type of magnetic effect in specially designed wire that outputs voltage.
It was initially thought that this would have applications in the
automotive industry for ignition systems; however, it found its most
popular application in the world of security in the early 1980s.

The Wiegand wires embedded inside of a plastic card were infinitely
more durable than magnetic strip credentials, and only a limited
amount of data needed to be stored, such as a facility code and
a number. Thus was born the most common credential in the security
industry: the 26-bit Wiegand. It consisted of two parity bits, eight
bits of facility code and 16 bits of ID code for a total of 26 bits.
Physical limitations on how close the Wiegand wires could be and
still function, combined with the CR-80 card size, gave us the maximum
amount of data that could reside on the card—37 bits.

Since the electrical standards for the readers was so widely adopted
on access control panels, when better technology came along,
the electrical aspect of Wiegand was retained. The problem is that
both Wiegand and Clock and Data are one-way protocols; data flows
out from the card reader, but nothing can be sent back. There is also
no way to tell if the reader has been removed unless an auxiliary contact
is installed, requiring another input point to be used to provide
supervision of the reader. This means an added expense, so unless it
has been carefully specified, it rarely happens.

Today, it is very likely that several existing access control readers
could be torn off the wall and no one would know it until someone
called in and reported the incident.

Alternative Options for Increased Security

In today’s evolving world, RS-485 protocol is almost universally
available on all modern card readers and access control panels. This
communication protocol is poll and respond, which means the reader
doesn’t communicate until it is polled by the host panel, allowing the
connected reader to be inherently supervised. If it becomes disconnected,
then the system will report that it is “offline.” Virtually all
modern ISO 14443A, 14443B or 15693 readers support RS-485. In
addition to the fact that the readers are supervised, they are exponentially
more secure than even the proximity cards, and in today’s world
are no more costly.

Open Supervised Device Protocol (OSDP) is a communication
standard recently adopted by the Security Industry Association
(SIA) that far surpasses the outdated Wiegand technology and greatly
improves interoperability between access control systems and supporting
security products.

There are significant advantages of OSDP vs. Wiegand, a few of
them being the ability for bi-directional communication between the
reader and controller, longer read range and a simpler installation
with less wiring involved.

Furthermore, Wiegand systems transfer information unencrypted,
increasing the risk for sensitive data to be intercepted. With
OSDP, the access control system creates a secure tunnel between
itself and the reader to protect the data being transmitted. This
technology is supported by manufacturers like Mercury Security
and will likely become more and more common in the industry. If
you are not currently using this updated technology, you may be
needlessly compromising your system’s security.
Similarly, if you are a systems sales professional
and are not strongly encouraging your customers
to implement it, you are doing them a great
disservice.

This article originally appeared in the March 2018 issue of Security Today.